Why Good Digital Privacy Legislation Is So Hard to Get Right
Clearly, we are in dire need of better legal protections related to our data, but that’s easier said than done
--
In 2018, the world watched in horror as any lingering delusions about our privacy online were dispelled. We learned that Russian intelligence agencies had manipulated our news feeds. We learned that U.S. intelligence agencies expanded their already extensive collection of internet communications. We learned that small-time crooks made fraudulent applications for credit cards and loans. Perhaps most important, the world realized that new corporate surveillance juggernauts had come on the scene. The advertising industry — led by Alphabet and Facebook — had built enormous digital dragnets just as invasive as anything built by the NSA or FSB.
It’s no wonder interest in privacy regulation has spiked.
The Cambridge Analytica scandal in particular was a watershed moment for public awareness around data privacy. It’s an interesting case study that highlights several of the problems with our current regulatory framework, or lack thereof. The scandal demonstrated the convoluted and surreptitious paths through which our data travels. It exposed how lots of individually innocuous bits of data can add up to something more insidious. And it revealed some of the ways our data can make us a target for state-run disinformation campaigns.
Aleksandr Kogan, a researcher at the University of Cambridge, got about 270,000 people to fill out a survey via Facebook back in 2014. Unbeknownst to those users, the app collected much more than their answers to the survey questions, including their likes, identifying information, location information, and the same information about those users’ Facebook friends. In total, data was harvested from nearly 50 million profiles. Kogan then sold this data to the British political consulting firm Cambridge Analytica. In 2018, Christopher Wylie blew the whistle as part of a Guardian exposé linking Cambridge Analytica and this harvested data to Donald Trump’s 2016 presidential campaign.
Facebook’s terms of service, even back in 2014, clearly forbade the transfer of collected data to third parties. Simultaneously, the terms of…